{"id":"CVE-2022-27114","details":"There is a vulnerability in htmldoc 1.9.16. In the image_load_jpeg function in image.cxx, when it calls malloc, 'img-\u003ewidth' and 'img-\u003eheight' can be large enough to cause an integer overflow. As a result, malloc may return a heap block smaller than the expected size, which causes a buffer overflow/address boundary error in the jpeg_read_scanlines function.","modified":"2026-04-16T04:36:48.766744798Z","published":"2022-05-09T17:15:09.130Z","related":["openSUSE-SU-2024:12071-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html"},{"type":"REPORT","url":"https://github.com/michaelrsweet/htmldoc/issues/471"},{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/michaelrsweet/htmldoc","events":[{"introduced":"0"},{"last_affected":"8b15a4e4fc58f4dbbecb91c5ca256a5dde28b793"},{"fixed":"31f780487e5ddc426888638786cdc47631687275"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.16"}]}}],"versions":["v1.8.30","v1.9","v1.9.1","v1.9.10","v1.9.11","v1.9.12","v1.9.13","v1.9.14","v1.9.15","v1.9.16","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v1.9.9"],"database_specific":{"vanir_signatures_modified":"2026-04-11T22:01:37Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2022-27114-973186cc","source":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275","digest":{"line_hashes":["22248037274654815650576322048949287649","296267264495823945779616527713243343029","54805180142347034579293677483579791376","20168580982717471945539945481714769220","161029606450311038018640252069572140345","44015766389042975539425594357402522582","199150106324938499033452393139848187681","319593469495359680306054830735473771766","19985237535502013394489889651
4129910403","216794987705941529715646134661982004094","297929791160051720547755394787491271325","7171333243352453904152759386472981638","51235282975610117606622240123798757686","139219188293486094321898282517797944219","95795465467944516194981923126261552544","187404233367137448172080560522809448340","260172315706847100484704933799299393600","74720969679059144997190065584026944843","268732769885590353792037465098898972395","281414488574503611417848351362295128022","138700746721977183646352493457492251959"],"threshold":0.9},"target":{"file":"htmldoc/image.cxx"}},{"target":{"function":"image_load_gif","file":"htmldoc/image.cxx"},"deprecated":false,"signature_type":"Function","id":"CVE-2022-27114-9bd92723","source":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275","digest":{"function_hash":"241568264683061213505846123332327175641","length":1959},"signature_version":"v1"},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2022-27114-dd877a75","source":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275","digest":{"function_hash":"73575095114162104851611625724241060175","length":1690},"target":{"function":"image_load_jpeg","file":"htmldoc/image.cxx"}},{"digest":{"function_hash":"92107085259171046339019667125662630305","length":4174},"deprecated":false,"signature_type":"Function","id":"CVE-2022-27114-ef3bc290","source":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275","signature_version":"v1","target":{"function":"image_load_png","file":"htmldoc/image.cxx"}},{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2022-27114-f8105265","target":{"function":"image_load_bmp","file":"htmldoc/image.cxx"},"digest":{"function_hash":"206302635082091458458529011910038932243","length":4392},"source":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275"}],"source":"https:
//storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27114.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}